diff options
author | Joram Wilander <jwawilander@gmail.com> | 2017-04-12 16:29:42 -0400 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2017-04-12 16:29:42 -0400 |
commit | 8b8aa2ca3c803b26fb4a1ba5f249111739376494 (patch) | |
tree | 9fa13e99e60a9effc12bad964b13a3c23fab795e /app/team.go | |
parent | 03502cf73b8513a40877b1ac5726523974661d4d (diff) | |
download | chat-8b8aa2ca3c803b26fb4a1ba5f249111739376494.tar.gz chat-8b8aa2ca3c803b26fb4a1ba5f249111739376494.tar.bz2 chat-8b8aa2ca3c803b26fb4a1ba5f249111739376494.zip |
Refactor OAuth 2.0 code into app layer (#6037)
Diffstat (limited to 'app/team.go')
-rw-r--r-- | app/team.go | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/app/team.go b/app/team.go index 327ab7f3e..d4e6d6308 100644 --- a/app/team.go +++ b/app/team.go @@ -6,6 +6,7 @@ package app import ( "fmt" "net/http" + "net/url" "strconv" "strings" @@ -747,3 +748,33 @@ func GetTeamStats(teamId string) (*model.TeamStats, *model.AppError) { return stats, nil } + +func GetTeamIdFromQuery(query url.Values) (string, *model.AppError) { + hash := query.Get("h") + inviteId := query.Get("id") + + if len(hash) > 0 { + data := query.Get("d") + props := model.MapFromJson(strings.NewReader(data)) + + if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) { + return "", model.NewAppError("GetTeamIdFromQuery", "api.oauth.singup_with_oauth.invalid_link.app_error", nil, "", http.StatusBadRequest) + } + + t, err := strconv.ParseInt(props["time"], 10, 64) + if err != nil || model.GetMillis()-t > 1000*60*60*48 { // 48 hours + return "", model.NewAppError("GetTeamIdFromQuery", "api.oauth.singup_with_oauth.expired_link.app_error", nil, "", http.StatusBadRequest) + } + + return props["id"], nil + } else if len(inviteId) > 0 { + if result := <-Srv.Store.Team().GetByInviteId(inviteId); result.Err != nil { + // soft fail, so we still create user but don't auto-join team + l4g.Error("%v", result.Err) + } else { + return result.Data.(*model.Team).Id, nil + } + } + + return "", nil +} |